Configure Rest API
Enabling REST API access will allow you to use multi-factor authentication as configured in your Microsoft 365 account. Once enabled, the user will be diverted to Microsoft 365 login portal for authentication to use M365 Manager Plus. REST API is also essential to generate reports on your Microsoft 365 setup.
Steps to configure REST API
- Login to M365 Manager Plus' admin portal.
- Choose the Tenant Settings option found at the top right corner.
- Select the Enable Now option found under the Rest API Access column corresponding to the Microsoft 365 tenant for which REST API access must be enabled.
- You will be diverted to the Microsoft 365 login portal. Enter the credentials of the global admin account you had configured in M365 Manager Plus.
- Click Sign-in.
- An application for M365 Manager Plus will be created automatically. And you will now see a page that displays the list of permission that application need.
Note: If you want to change the permissions required by the application, do manual configuration.
- Go through the list and click Accept.
- You will now be redirected to M365 Manager Plus console, where you can see the REST API Access is Enabled for the account you configured.
If the automatic configuration was not successful due to permission issues, Rest API Access must be configured manually. The error message will show you a pop-up where you should fill appropriate values to complete the configuration.
- Sign in to Azure AD portal using the credentials of the account for which you need to enable REST API.
- Select Azure Active Directory from the left pane.
- Select App registrations.
- Click on New registration.
- Provide a Name of your choice for the M365 Manager Plus application to be created.
- Click on Register.
- You will now see the Overview page of the application you have created.
- Click on Add a Redirect URI.
- Select Web under the TYPE drop-down, and in the REDIRECT URI field, enter http://hostname:port_number/webclient/VerifyUser. For example, http://localhost:8365/webclient/VerifyUser or https://192.345.679.345:8365/webclient/VerifyUser. Follow the same for the next row and enter http://hostname:port_number/webclient/ GrantAccess as the REDIRECT URI. For example, http://localhost:8365/webclient/GrantAccess or https://192.345.679.345:8365/webclient/GrantAccess
- Also add, demo.m365managerplus.com and https://manageengine.com/microsoft-365-management-reporting/redirect.html as REDIRECT URIs in the subsequent rows with Web as the value for TYPE.
Click on Save.
Click on Manifest in the left pane.
Look for requiredResourceAccess array in the code.
Paste the content in this file in the highlighted section of the below image.
- The REDIRECT URI must be,
- Less than 256 characters in length.
- Should not contain wildcard characters.
- Should not contain query strings
- Must start with HTTPS or http://localhost
- Must be a valid and unique URL..
- For http, the URI value is, http://localhost:8365. Machine name or IP address cannot be used in place of localhost, if http is used.
- For https, the URI value is, https://192.345.679.345:8365 or https://testmachine:8365.
- Based on the Connection Type (http/https) you have configured in M365 Manager Plus, the REDIRECT URI format varies.
Click on Save.
Click on API permissions in the left pane.
In the Grant consent section, click on Grant admin consent for <your_company_name>.
Click on Yes in the pop-up that appears.
Click on Certificates & secrets from the left pane.
Click on New client secret.
This section generates an app password for M365 Manager Plus. Under the Description field provide a name to identify the app to which the password belongs.
Choose when the password should expire.
Click on Add.
Copy the string under VALUE and save it. You will need this later.
Now go to the Overview section in the left pane.
Copy the values of Application (client) ID and Object ID and save them. You will need these values later.
M365 Manager Plus portal
- Now back to M365 Manager Plus console where you have the pop-up.
- Paste the Application ID and Application Object ID values you had copied in Step 26 in the respective fields.
- In App Secret Key paste the value you had copied in Step 24.
- Click on Update.
- You can now see that the Rest API Access is Enabled for the account you configured.